Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.. openSUSE security update: security update for tomcat ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21327-1 Rating: moderate References: * bsc#1269791 * bsc#1269824 * bsc#1269907 * bsc#1269908 * bsc#1269909 * bsc#1269910 Cross-References: * CVE-2026-50229 * CVE-2026-53404 * CVE-2026-53434 * CVE-2026-55276 * CVE-2026-55955 * CVE-2026-55956 CVSS scores: * CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed. Description: This update for tomcat fixes the following issues Update to Tomcat 9.0.119. Security issues fixed: - CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791). - CVE-2026-53404: always-incorrect control flowimplementation in the rewrite valve caused non-OR conditions to be skipped if the first condition in an OR chain matched (bsc#1269910). - CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824). - CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints to not be included when the effective web.xml was logged (bsc#1269909). - CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster component (bsc#1269908). - CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint (bsc#1269907). Other updates and bugfixes: - Tomcat 9.0.119: * Catalina + Add: Add support for literal '%' characters in access log output. Based on pull request #1002 by Fabian Hahn. (markt) + Fix: Prevent duplicate log messages when clustering JARs are not present on startup. (csutherl) + Code: Remove unnecessary code from the SSI processing engine that was duplicating some of the normalisation checks. (markt) + Fix: Cleaner handling of invalid SPNEGO tokens. (remm) + Fix: Avoid some NPEs in the Connector class on an uninitialize protocol. (remm) + Fix: Incorrect session average life calculation. (remm) + Fix: Improve robustness on using Pipeline.setBasic on a running pipeline. (remm) + Fix: Avoid any init parameter updates when conflicts are found for filters, similar to what is done for servlets, as required by the servlet specification. (remm) + Fix: Fix container event cleanups in some edge cases. (remm) + Fix: Check for last-modified header in ExpiresFilter when a servlet uses addDateHeader to avoid wrongly considering it has been set. (remm) + Fix: Fix hour unit used by ExpiresFilter. (remm) + Fix: Remove exception swallowing in DataSourceStore to align itwith FileStore and avoid session loss on errors. (remm) + Fix: Add support for single-quote escaped literal as well as quoted literals in DateFormatCache. (schultz) + Fix: On JAAS logout, clear out role principals on the subject that were added on commit, as recommended by the JAAS specification. (remm) + Fix: MemoryRealm should not add a dummy role when none is specified in the configuration. (remm) + Fix: DataSourceUserDatabase should return a null principal on a non existing user. (remm) + Fix: Fix shared lock expiration in WebDAV. (remm) + Fix: Inaccurate session exipration statistics when using the persistent manager. (remm) + Fix: Skip BOM when serving files with UTF-32 encoding. (remm) + Fix: Mixup of WrapperListener and WrapperLifecycle elements in storeconfig. (remm) + Fix: Incorrect processing of modified users in DataSourceUserDatabase. (remm) + Update: Clarify behavior in the UserDatabase for user, role and group creation that it does not immediately override existing elements. Removal (or update) needs to be used instead. (remm) + Fix: 70049: Align the web application class loader with parent class loaders and swallow any errors caused by invalid paths when looking up resources and behave as if the resources were not found in that case. (markt) + Fix: Improve validation of Range and Content-Range parsers so invalid ranges trigger a 4xx response rather than a 500 response. Pull request #1012 provided by Sahana Surendra Bogar. (markt) + Fix: Fix connection leak in ProxyErrorReportValve. (remm) + Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off rather than true or false to align with httpd. (markt) + Fix: Reset the encoding used for query string parameters between requests in case an application changed the encoding in a previous request. (markt) + Fix: When encoding URLs with the CsrfPreventionFilter, don't add thenonce to URLs that are known not to require it. (markt) + Fix: Fix CombinedRealm isAvailable, it allows authentication if at least one sub realm is available. (remm) + Fix: 70048: Correctly handle asynchronous requests in PersistentValve. (markt) + Fix: Improve the detection of cross-context dispatches when using a RequestDispatcher. (markt) + Fix: Fix various instances of double decoding of URL patterns configured either programmatically or in web.xml. (remm/markt) + Fix: Align the rewrite conditions ornext flag processing with mod_rewrite, which follows a purely sequential evaluation strategy. (remm) + Fix: Change the default for the useRedirect attribute of the ProxyErrorReportValve from true to false. (markt) + Add: Add support for the showReport attribute in JsonErrorReportValve and ProxyErrorReportValve. When set to false, detailed error information (message, description, stack trace) is suppressed from error responses. (dsoumis) + Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is removed but catalina-ha.jar is present and the Cluster element is enabled in server.xml. Cluster digester rules are now fully conditional on both JARs being available. (dsoumis) + Fix: Fix a potential deadlock when copying resources using WebDAV. (markt) + Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list of reserved prefixes for SSI variables and request attributes. (markt) + Fix: Missing URL decoding when processing addMapping on a Servlet registration. (remm) + Fix: The Timeout WebDAV header allows comma separated values (according to the examples in the RFC). Use the first acceptable value. (remm) + Fix: Fix various issues when logging the effective web.xml for a web application. Empty sections are no longer logged. Special roles and empty authorisation constraints are included. (markt) + Fix: Expand the write lock forthe save process in the MemoryUserDatabase to avoid concurrency issues with the file save operations. (markt) + Fix: Ensure atomic session persistence in FileStore. Based on pull request #1016 by sahvx655-wq. (markt) + Fix: Do not ignore methods configured on security constraints that map to the default servlet. (markt) * Cluster + Fix: Expand wording and increase visibility of log message when cloud membership is configured without a trust store as all certificates will be trusted in this configuration. (markt) + Fix: Ensure listeners are correctly added and removed when configuring the channel coordinator. (markt) + Fix: Fix some concurrency issues in FragmentationInterceptor. (markt) + Fix: Fix some concurrency issues in OrderInterceptor. (markt) + Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt) + Fix: Fix concurrency issues generating MD5 digests in the CloudMembershipProvider implementations. (markt) + Add: Add replay protection to the EncryptInterceptor. This is a breaking change for the EncryptInterceptor. (markt) * Coyote + Add: Log a suitable warning if an encrypted PEM file is detected using an insecure form for encryption. (markt) + Fix: If TLS groups have been configured, use the configured groups rather than using OpenSSL's default TLS groups when using Tomcat Native with OpenSSL based connectors. (markt) + Fix: For HTTP/2, ensure that any in progress request body reads are cancelled if the container resets the associated stream. This prevents delays waiting for reads to time out when it is known that no more data will be received. (markt) + Fix: Ensure that malformed HTTP/2 messages that should trigger a stream reset do so, rather than triggered a connection close. (markt) + Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm) + Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2, following refactor clean-up of header buffer. (remm) + Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm) + Fix: Fix MessageByte.equals if called on a null MB. (remm) + Fix: Call the delegate key manager in JSSE to retrieve the server key. (remm) + Fix: Avoid overflow scenarios in Asn1Parser. (remm) + Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that allows the consistency check for the scheme provided by the user agent to be bypassed. (markt) + Fix: isTrailerFieldsReady was always returning true. (remm) + Fix: Align OpenSSL/Panama TLS implementation with other implementations and throw an exception if there is an error loading the provided CRL(s). (markt) + Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if @STRENGTH was encountered, ignoring any subsequent expressions. (markt) + Fix: Handle the case where the HTTP/2 payload length is insufficient for the mandatory data required by the flags set in the header. (markt) + Fix: 70102: Correct expected size of ticket keys when calling setSessionTicketKeys with an FFM connector. (markt) + Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt) + Fix: When processing an OpenSSL cipher specification, fully align the order of the resulting ciphers with the order produced by OpenSSL. (markt) + Add: Add support for Brainpool TLS groups. Patch provided by YStankov. (schultz) + Update: Update both the minimum and recommended version for Tomcat Native 1.x to 1.3.8. (markt) * Jasper + Fix: Fix possible EL argument mismatch when it was set to null. (remm) + Fix: Fix thread safety of TagPluginManager. (remm) + Fix: Correctly use flush on JSP include. (remm) * Web applications + Add: Manager: Add checks to ensure that any uploaded files are uploaded to the expected location.(markt) + Add: Manager: Add checks to ensure that the requested context path for a deployed WAR, directory or descriptor file is valid. (markt) + Add: Documentation: Expand the description of some of the attributes of the CrawlerSessionManagerValve. (markt) + Fix: Documentation: Clearer description and correct documented default for ocspSoftFail. (markt) + Fix: Fix double escaping in the context names for the JSON mode of the manager servlet. (remm) + Fix: Manager: Ensure automatic deployment does not trigger an undeployment during a Manager triggered web application reload. (markt) + Fix: Documentation: Provide better documentation for the scheme and secure attributes of a Connector. (markt) * Websocket + Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm) + Fix: Trigger standard WebSocket error handling if a call to Endpoint.onOpen() fails for a programmatic endpoint. (markt) + Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a programmatic endpoint. Test case provided by uabdur. (markt) + Fix: If a client presents invalid parameters when negotiating a WebSocket extension, decline the negotiation offer that includes the invalid parameters rather than failing the connection. Pull request #1019 provided by sahvx655-wq. (markt) * Other + Fix: Wrong references to jakarta instead of javax. (remm) + Fix: Restore default authenticator to nullafter executing an Ant task. (remm) + Update: Update Commons Daemon to 1.6.1. (markt) + Update: Improvements to French translations. (remm) + Update: Improvements to Japanese translations provided by tak7iji. (markt) + Update: Update Tomcat Native to 1.3.8. (markt) Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSELeap 16.0 zypper in -t patch openSUSE-Leap-16.0-1231=1 Package List: - openSUSE Leap 16.0: tomcat-9.0.119-160000.1.1 tomcat-admin-webapps-9.0.119-160000.1.1 tomcat-docs-webapp-9.0.119-160000.1.1 tomcat-el-3_0-api-9.0.119-160000.1.1 tomcat-embed-9.0.119-160000.1.1 tomcat-javadoc-9.0.119-160000.1.1 tomcat-jsp-2_3-api-9.0.119-160000.1.1 tomcat-jsvc-9.0.119-160000.1.1 tomcat-lib-9.0.119-160000.1.1 tomcat-servlet-4_0-api-9.0.119-160000.1.1 tomcat-webapps-9.0.119-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-50229.html * https://www.suse.com/security/cve/CVE-2026-53404.html * https://www.suse.com/security/cve/CVE-2026-53434.html * https://www.suse.com/security/cve/CVE-2026-55276.html * https://www.suse.com/security/cve/CVE-2026-55955.html * https://www.suse.com/security/cve/CVE-2026-55956.html . Security update for openSUSE addresses multiple issues in Tomcat. Install patches to mitigate risks.. openSUSE tomcat update security. . Severity: moderate. LinuxSecurity.com Team
Several security issues were fixed in libexif.. ========================================================================== Ubuntu Security Notice USN-8531-1 July 13, 2026 libexif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libexif. Software Description: - libexif: library to parse EXIF files Details: It was discovered that libexif had an integer overflow in its MakerNote decoder when called with a zero-length buffer. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-32775) It was discovered that libexif had an integer overflow in its Nikon MakerNote handler on 32-bit systems. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40385) It was discovered that libexif had an integer underflow in its size checking for Fuji and Olympus MakerNote decoding. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40386) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libexif12 0.6.25-2ubuntu0.1 Ubuntu 24.04 LTS libexif12 0.6.24-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libexif12 0.6.24-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8531-1 CVE-2026-32775, CVE-2026-40385, CVE-2026-40386 Package Information: https://launchpad.net/ubuntu/+source/libexif/0.6.25-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libexif/0.6.24-1ubuntu0.22.04.1 . Multiple security issues in libexif for Ubunturequire immediate updates to prevent potential attacks.. libexif security, Ubuntu update, software vulnerabilities. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for alsa Announcement ID: SUSE-SU-2026:22291-1 Release Date: 2026-06-28T08:49:12Z Rating: moderate References: * bsc#1268853 Cross-References: * CVE-2026-56109 CVSS scores: * CVE-2026-56109 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-56109 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-56109 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for alsa fixes the following issue * CVE-2026-56109: double-free vulnerability in parse_def() in src/conf.c that allows attackers to corrupt memory (bsc#1268853). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1097=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libasound2-debuginfo-1.2.14-160000.3.1 * alsa-debugsource-1.2.14-160000.3.1 * libasound2-1.2.14-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-56109.html * https://bugzilla.suse.com/show_bug.cgi?id=1268853 . A security advisory detailing a moderate patch for alsa addressing a double-free issue that affects SUSE Linux Micro.. SUSE Linux Micro alsa security double-free moderate. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # agama-web-ui-22+143.ee15dea20-46.1 on GA media Announcement ID: openSUSE-SU-2026:11128-1 Rating: moderate Cross-References: * CVE-2026-34077 CVSS scores: * CVE-2026-34077 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the agama-web-ui-22+143.ee15dea20-46.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * agama-web-ui 22+143.ee15dea20-46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34077.html . An agama-web-ui update addresses a moderate risk vulnerability in openSUSE. Learn more about the security advisory details.. openSUSE updates, agama-web-ui security, moderate risk issue, vulnerability details. . Severity: moderate. LinuxSecurity.com Team
Important: evince security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28998", "synopsis": "Important: evince security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for evince.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen (CVE-2026-46529)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2487669", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2487669", "description": ""}], "cves": [{"name": "CVE-2026-46529", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46529", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-77"}], "references": [], "publishedAt": "2026-06-25T06:00:31.266414Z", "rpms": {"Rocky Linux 8": {"nvras": ["evince-0:3.28.4-17.el8_10.aarch64.rpm", "evince-0:3.28.4-17.el8_10.src.rpm", "evince-0:3.28.4-17.el8_10.x86_64.rpm", "evince-browser-plugin-0:3.28.4-17.el8_10.aarch64.rpm", "evince-browser-plugin-0:3.28.4-17.el8_10.x86_64.rpm", "evince-browser-plugin-debuginfo-0:3.28.4-17.el8_10.aarch64.rpm", "evince-browser-plugin-debuginfo-0:3.28.4-17.el8_10.x86_64.rpm", "evince-debuginfo-0:3.28.4-17.el8_10.aarch64.rpm", "evince-debuginfo-0:3.28.4-17.el8_10.i686.rpm","evince-debuginfo-0:3.28.4-17.el8_10.x86_64.rpm", "evince-debugsource-0:3.28.4-17.el8_10.aarch64.rpm", "evince-debugsource-0:3.28.4-17.el8_10.i686.rpm", "evince-debugsource-0:3.28.4-17.el8_10.x86_64.rpm", "evince-devel-0:3.28.4-17.el8_10.aarch64.rpm", "evince-devel-0:3.28.4-17.el8_10.i686.rpm", "evince-devel-0:3.28.4-17.el8_10.x86_64.rpm", "evince-libs-0:3.28.4-17.el8_10.aarch64.rpm", "evince-libs-0:3.28.4-17.el8_10.i686.rpm", "evince-libs-0:3.28.4-17.el8_10.x86_64.rpm", "evince-libs-debuginfo-0:3.28.4-17.el8_10.aarch64.rpm", "evince-libs-debuginfo-0:3.28.4-17.el8_10.i686.rpm", "evince-libs-debuginfo-0:3.28.4-17.el8_10.x86_64.rpm", "evince-nautilus-0:3.28.4-17.el8_10.aarch64.rpm", "evince-nautilus-0:3.28.4-17.el8_10.x86_64.rpm", "evince-nautilus-debuginfo-0:3.28.4-17.el8_10.aarch64.rpm", "evince-nautilus-debuginfo-0:3.28.4-17.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update for Evince addresses critical security issue impacting Rocky Linux systems, enhances document security against exploits.. Rocky Linux Evince Update Security Exploit RCE. . Severity: Important. LinuxSecurity.com Team
The system could be compromised under certain conditions.. ========================================================================== Ubuntu Security Notice USN-8361-2 June 04, 2026 linux-fips vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: The system could be compromised under certain conditions. Software Description: - linux-fips: Linux kernel with FIPS Details: A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - Packet sockets; (CVE-2026-31504) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS linux-image-4.4.0-1125-fips 4.4.0-1125.132 Available with Ubuntu Pro linux-image-fips 4.4.0.1125.127 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8361-2 https://ubuntu.com/security/notices/USN-8361-1 CVE-2026-31504 Package Information: https://launchpad.net/ubuntu/+source/linux-fips/4.4.0-1125.132 . Critical update for Ubuntu 16.04 LTS addressing a potential attack via the linux-fips kernel. Immediate action needed.. Linux Kernel Update Ubuntu FIPS Attack. . Severity: Critical. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21973-1 Release Date: 2026-06-02T03:39:39Z Rating: important References: * bsc#1261630 * bsc#1261845 * bsc#1264096 * bsc#1265224 * bsc#1265384 Cross-References: * CVE-2025-54518 * CVE-2026-23437 * CVE-2026-31406 * CVE-2026-46300 * CVE-2026-46333 CVSS scores: * CVE-2025-54518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-54518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23437 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23437 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31406 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.29.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096). * CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845). * CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630). * CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224). * CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-856=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_8-debugsource-3-160000.1.1 * kernel-livepatch-6_12_0-160000_29-default-debuginfo-3-160000.1.1 * kernel-livepatch-6_12_0-160000_29-default-3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-54518.html * https://www.suse.com/security/cve/CVE-2026-23437.html * https://www.suse.com/security/cve/CVE-2026-31406.html * https://www.suse.com/security/cve/CVE-2026-46300.html * https://www.suse.com/security/cve/CVE-2026-46333.html * https://bugzilla.suse.com/show_bug.cgi?id=1261630 * https://bugzilla.suse.com/show_bug.cgi?id=1261845 * https://bugzilla.suse.com/show_bug.cgi?id=1264096 * https://bugzilla.suse.com/show_bug.cgi?id=1265224 * https://bugzilla.suse.com/show_bug.cgi?id=1265384 . Updates for SUSE Linux Enterprise kernel resolve multiple important security issues and enhance system integrity.. SUSE Linux Enterprise Kernel Update, Important Security Issues,Local Root Exploit Fix. . Severity: Important. LinuxSecurity.com Team
An update that solves 2 vulnerabilities can now be installed.. # memcached-1.6.42-1.1 on GA media Announcement ID: openSUSE-SU-2026:10882-1 Rating: moderate Cross-References: * CVE-2026-47783 * CVE-2026-47784 CVSS scores: * CVE-2026-47783 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-47784 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the memcached-1.6.42-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * memcached 1.6.42-1.1 * memcached-devel 1.6.42-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-47783.html * https://www.suse.com/security/cve/CVE-2026-47784.html . An openSUSE advisory offering updates for memcached addressing two moderate-level vulnerabilities with detailed CVSS scores.. openSUSE memcached security update vulnerabilities CVE 2026. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.